1. Field of the Invention
The present invention relates generally to information processing apparatuses, access control methods, access control program products, recording media, and image forming apparatuses, and more particularly to an information processing apparatus, an access control method, an access control program product, a recording medium, and an image forming apparatus provided with a platform for executing a predetermined application.
2. Description of the Related Art
In recent years and continuing, image forming apparatuses are provided with a CPU as in general-purpose computers, although there are considerable restrictions pertaining to memories, etc. Examples of the image forming apparatuses are printers, copiers, scanners, facsimile machines, or multifunction peripherals in which the aforementioned functions are realized in a single housing. These functions are realized under the control of applications.
Some of these image forming apparatuses are provided with a platform for mounting and executing a Java (registered trademark) application. Thus, it is possible to customize an application by adding an application suited to the user's environment after shipment (e.g., Patent Document 1).
Incidentally, the source code of such an application is created by an unspecified person such as a third party vendor or the user. Thus, the person may deliberately or accidentally execute an application that fraudulently accesses a resource in the image forming apparatus.
Meanwhile, in the execution environment of Java (registered trademark), a function is installed for performing access control for each application (each class) with respect to each resource. Access control information (policy) for each application is defined in a policy specification file. There is a mechanism of causing an “exception” in the event that an application attempts to perform an operation that violates the policy. Accordingly, this mechanism ensures the security of the resources. However, if a single application fraudulently accesses the policy specification file and falsifies the contents, the security of the resources cannot be ensured thereafter, which damages the reliability of the image forming apparatus. One approach is to include a definition in the policy definition file that prevents any access to the policy specification file itself.
However, it is inconvenient if the policy specification file is completely prevented from being edited. One approach is to give permission to access the policy specification file to a particular application such as an application for editing the policy specification file, and to authorize only privileged users to execute the particular application.
Patent Document 1: Japanese Laid-Open Patent Application No. 2005-269619
However, it is not possible to ensure that unauthorized users are completely prevented from masquerading as authorized users. Furthermore, the policy specification file is a text file. Therefore, the policy specification file can be easily changed by editing it with a text editor without the editing being prevented by the security function of Java (registered trademark).